JBAS-1768 X-port XSS login form repairs

author Bill Erickson <berickxx@gmail.com>

Mon, 3 Jul 2017 15:22:16 +0000 (11:22 -0400)

committer Bill Erickson <berickxx@gmail.com>

Thu, 21 Mar 2019 19:46:23 +0000 (15:46 -0400)
author Bill Erickson <berickxx@gmail.com>
Mon, 3 Jul 2017 15:22:16 +0000 (11:22 -0400)
committer Bill Erickson <berickxx@gmail.com>
Thu, 21 Mar 2019 19:46:23 +0000 (15:46 -0400)
diff --git a/KCLS/openils/var/templates_kcls/opac/parts/login/form.tt2 b/KCLS/openils/var/templates_kcls/opac/parts/login/form.tt2

index 6bf2c6d..761c1b7 100644 (file)
--- a/KCLS/openils/var/templates_kcls/opac/parts/login/form.tt2
+++ b/KCLS/openils/var/templates_kcls/opac/parts/login/form.tt2
@@ -132,7 +132,7 @@
                                          END;
                                          redirect = redirect  | replace('^http:', 'https:');
                                      %]
-                                    <input type='hidden' name='redirect_to' value='[% redirect %]'/>
+                                    <input type='hidden' name='redirect_to' value='[% redirect | html %]'/>
                                      <input type="checkbox" name="persist" id="login_persist" /><label for="login_persist"> [% l('Stay logged in?') %]</label>
                                  </div>
                                  <div style="padding-top:14px;">
author	Bill Erickson <berickxx@gmail.com>
	Mon, 3 Jul 2017 15:22:16 +0000 (11:22 -0400)
committer	Bill Erickson <berickxx@gmail.com>
	Thu, 21 Mar 2019 19:46:23 +0000 (15:46 -0400)